Security researchers this week confirmed that they spotted new activity by hackers using "Triton" malware capable of doing real-world damage to oil, gas or water plants.

The security firm FireEye said in a blog post Wednesday that it had identified and was "responding to an additional intrusion by the attacker behind Triton at a different critical infrastructure facility."

It did not disclose details regarding the target.

FireEye urged oil, gas, water and other facilities with industrial control systems to ramp up defenses and vigilance for Triton activity on their networks.

A study of the hackers' arsenal indicated they may have been in action since early 2014, avoiding detection for years.

FireEye said that Triton hackers were refining the ability to damage industrial plants when they unintentionally caused the shutdown in 2017 that got them noticed.

"The targeting of critical infrastructure to disrupt, degrade, or destroy systems is consistent with numerous attack and reconnaissance activities carried out globally by Russian, Iranian, North Korean, US, and Israeli nation state actors," FireEye said in a blog post.

"Triton" tactics employ custom hacking tools to snake through plant networks to reach operating systems that control safety mechanisms, according to analysis that followed its initial discovery in late 2017 after it inadvertantly stopped processes at an oil plant in Saudi Arabia.

In an update last year, FireEye expressed confidence that the Triton activity was "supported by" the Central Scientific Research Institute of Chemistry and Mechanics, which it described as a Russian government-owned institution in Moscow.

FireEye described Triton as one of a limited number of publicly identified malicious software families aimed at industrial control systems.

"It follows Stuxnet which was used against Iran in 2010 and Industroyer which we believe was deployed by Sandworm Team against Ukraine in 2016," FireEye said in an earlier blog post.

"Triton is consistent with these attacks, in that it could prevent safety mechanisms from executing their intended function, resulting in a physical consequence."

Related Links
Cyberwar - Internet Security News - Systems and Policy Issues

Tweet

Thanks for being there; We need your help. The SpaceDaily news network continues to grow but revenues have never been harder to maintain. With the rise of Ad Blockers, and Facebook - our traditional revenue sources via quality network advertising continues to decline. And unlike so many other news sites, we don't have a paywall - with those annoying usernames and passwords. Our news coverage takes time and effort to publish 365 days a year. If you find our news sites informative and useful then please consider becoming a regular supporter or for now make a one off contribution.
SpaceDaily Monthly Supporter $5+ Billed Monthly Option 1 : $5.00 USD - monthly Option 2 : $10.00 USD - monthly Option 3 : $15.00 USD - monthly Option 4 : $20.00 USD - monthly Option 5 : $25.00 USD - monthly Option 6 : $50.00 USD - monthly Option 7 : $100.00 USD - monthly paypal only		SpaceDaily Contributor $5 Billed Once credit card or paypal

Facebook to crack down on groups spreading misinformation
San Francisco (AFP) April 10, 2019
Facebook on Wednesday ramped up its battle against misinformation, taking aim at groups spreading lies and adding "trust" indicators to news feeds. Moves outlined by Facebook vice president of integrity Guy Rosen were described as part of a strategy launched three years ago to "remove, reduce and inform" when it comes for troublesome content posted at the leading social network's family of services. "This involves removing content that violates our policies, reducing the spread of problematic co ... read more